from sslyze.plugins.openssl_cipher_suites_plugin import (
Sslv20ScanCommand,
Sslv30ScanCommand,
Tlsv10ScanCommand,
Tlsv11ScanCommand,
Tlsv12ScanCommand,
Tlsv13ScanCommand,
)
COMMANDS = [
Sslv20ScanCommand(),
Sslv30ScanCommand(),
Tlsv10ScanCommand(),
Tlsv11ScanCommand(),
Tlsv12ScanCommand(),
Tlsv13ScanCommand(),
]
ACCEPTED_CIPHERS = [
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]
def scan_parallel(scanner, server_info, data, options):
logging.debug("\tRunning scans in parallel.")
def queue(command):
try:
return scanner.queue_scan_command(server_info, command)
except OSError as err:
text = ("OSError - likely too many processes and open files.")
data['errors'].append(text)
logging.warn("%s\n%s" % (text, utils.format_last_exception()))
return None, None, None, None, None, None
except Exception as err:
text = ("Unknown exception queueing sslyze command.\n%s" %
utils.format_last_exception())
data['errors'].append(text)
logging.warn(text)
return None, None, None, None, None, None
# Initialize commands and result containers
sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2, certs = None, None, None, None, None, None
# Queue them all up
queue(Sslv20ScanCommand())
queue(Sslv30ScanCommand())
queue(Tlsv10ScanCommand())
queue(Tlsv11ScanCommand())
queue(Tlsv12ScanCommand())
if options.get("sslyze-certs", True) is True:
queue(CertificateInfoScanCommand())
# Reassign them back to predictable places after they're all done
was_error = False
for result in scanner.get_results():
try:
if isinstance(result, PluginRaisedExceptionScanResult):
error = ("Scan command failed: %s" % result.as_text())
logging.warn(error)
data['errors'].append(error)
return None, None, None, None, None, None
if type(result.scan_command) == Sslv20ScanCommand:
sslv2 = result
elif type(result.scan_command) == Sslv30ScanCommand:
sslv3 = result
elif type(result.scan_command) == Tlsv10ScanCommand:
tlsv1 = result
elif type(result.scan_command) == Tlsv11ScanCommand:
tlsv1_1 = result
elif type(result.scan_command) == Tlsv12ScanCommand:
tlsv1_2 = result
elif type(result.scan_command) == CertificateInfoScanCommand:
certs = result
else:
error = "Couldn't match scan result with command! %s" % result
logging.warn("\t%s" % error)
data['errors'].append(error)
was_error = True
except Exception as err:
was_error = True
text = ("Exception inside async scanner result processing.\n%s" %
utils.format_last_exception())
data['errors'].append(text)
logging.warn("\t%s" % text)
# There was an error during async processing.
if was_error:
return None, None, None, None, None, None
logging.debug("\tDone scanning.")
return sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2, certs
def ssltlsscan(web):
target = web.split('//')[1]
#print(R+'\n ===============================')
#print(R+' S S L E N U M E R A T I O N')
#print(R+' ===============================\n')
from core.methods.print import pscan
pscan("ssl enumeration")
print(GR + ' [*] Testing server SSL status...')
try:
req = requests.get('https://' + target)
print(G + ' [+] SSL Working Properly...')
time.sleep(0.6)
print(O + " [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G + " [+] Available TLS v1.0 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C + ' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G + " [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C + ' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G + " [+] Available TLS v1.2 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C + ' {}'.format(cipher.name))
print('')
command = CertificateInfoScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G + ' [+] Certificate Information:')
for entry in scan_result.as_text():
if entry != '':
if 'certificate information' in entry.lower():
pass
elif ':' in entry:
print(GR + ' [+] ' +
entry.strip().split(':', 1)[0].strip() + ' : ' +
C + entry.strip().split(':', 1)[1].strip())
else:
print(O + '\n [+] ' + entry.strip())
print('')
command = HttpHeadersScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G + ' [+] HTTP Results:')
for entry in scan_result.as_text():
if 'http security' not in entry.strip().lower(
) and entry != '':
if '-' in entry:
print(GR + ' [+] ' +
entry.split('-', 1)[0].strip() + ' - ' + C +
entry.split('-', 1)[1].strip())
elif ':' in entry:
print(GR + ' [+] ' +
entry.strip().split(':', 1)[0].strip() + ' : ' +
C + entry.strip().split(':', 1)[1].strip())
else:
print(O + '\n [+] ' + entry.strip())
print('')
except Exception as e:
print(R + ' [-] Unhandled SSL Runtime Exception : ' + str(e))
pass
except requests.exceptions.SSLError as e:
print(R + ' [-] Distant Server SSL not working : ' + str(e))
print(G + ' [+] SSlScan Module Completed!')
def test_ssl_basic(self, hostname, port=443):
'''
Uses the `ServerConnectivityTester` functionality of SSlyze to perform a basic test.
Port defaults to 443 unless provided otherwise
hostname is mandatory
| test ssl basic | hostname | port (optional |
'''
try:
tester = ServerConnectivityTester(hostname=hostname, port=port)
server_info = tester.perform()
scanner = ConcurrentScanner()
# scanner.queue_scan_command(info, certificate_info_plugin.CertificateInfoScanCommand())
scanner.queue_scan_command(server_info, Sslv20ScanCommand())
scanner.queue_scan_command(server_info, Sslv30ScanCommand())
scanner.queue_scan_command(server_info, Tlsv10ScanCommand())
scanner.queue_scan_command(server_info, Tlsv10ScanCommand())
scanner.queue_scan_command(server_info, Tlsv11ScanCommand())
scanner.queue_scan_command(server_info, Tlsv12ScanCommand())
scanner.queue_scan_command(server_info, HeartbleedScanCommand())
scanner.queue_scan_command(server_info, RobotScanCommand())
# scanner.queue_scan_command(server_info, CertificateInfoScanCommand())
for scan_result in scanner.get_results():
# logger.info("Scan result for: {} on hostname: {}".format(scan_result.scan_command.__class__.__name__, scan_result.server_info.hostname))
if isinstance(scan_result, PluginRaisedExceptionScanResult):
raise Exception("Scan Command Failed: {}".format(
scan_result.as_text()))
if isinstance(scan_result.scan_command, Sslv20ScanCommand):
if scan_result.accepted_cipher_list:
logger.warn("SSLv2 ciphersuites accepted")
for suite in scan_result.accepted_cipher_list:
logger.info("\t{}".format(suite.name))
else:
logger.info("SSLv2 ciphersuites not accepted")
if isinstance(scan_result.scan_command, Sslv30ScanCommand):
if scan_result.accepted_cipher_list:
logger.warn("SSLv3 Cipher Suites accepted")
for suite in scan_result.accepted_cipher_list:
logger.info("\t{}".format(suite.name))
else:
logger.info("SSLv3 ciphersuites not accepted")
if isinstance(scan_result.scan_command, Tlsv10ScanCommand):
if scan_result.accepted_cipher_list:
logger.warn("TLSv1 Cipher Suites accepted")
for suite in scan_result.accepted_cipher_list:
logger.info("\t{}".format(suite.name))
else:
logger.info("TLSv1 ciphersuites not accepted")
if isinstance(scan_result.scan_command, Tlsv11ScanCommand):
if scan_result.accepted_cipher_list:
logger.info("TLSv1.1 Cipher Suites accepted")
for suite in scan_result.accepted_cipher_list:
logger.info("\t{}".format(suite.name))
else:
logger.info("TLSv1.1 ciphersuites not accepted")
if isinstance(scan_result.scan_command, Tlsv12ScanCommand):
if scan_result.accepted_cipher_list:
logger.info("TLSv1.2 Cipher Suites accepted")
for suite in scan_result.accepted_cipher_list:
logger.info("\t{}".format(suite.name))
else:
logger.info("TLSv1.2 ciphersuites not accepted")
if isinstance(scan_result.scan_command, HeartbleedScanCommand):
if scan_result.is_vulnerable_to_heartbleed:
logger.warn(
"Server TLS implementation is vulnerable to Heartbleed"
)
else:
logger.info(
"Server TLS Implementation not vulnerable to Heartbleed"
)
if isinstance(scan_result.scan_command, RobotScanCommand):
logger.info("Test for ROBOT Vulnerability")
if scan_result.robot_result_enum.NOT_VULNERABLE_NO_ORACLE:
logger.info(
"\tNot Vulnerable: The server supports RSA cipher suites but does not act as an oracle"
)
elif scan_result.robot_result_enum.VULNERABLE_WEAK_ORACLE:
logger.warn(
"\tVulnerable: The server is vulnerable but the attack would take too long"
)
elif scan_result.robot_result_enum.VULNERABLE_STRONG_ORACLE:
logger.warn(
"\tVulnerable: The server is vulnerable and real attacks are feasible"
)
elif scan_result.robot_result_enum.NOT_VULNERABLE_RSA_NOT_SUPPORTED:
logger.info(
"\tNot Vulnerable: The server does not supports RSA cipher suites"
)
else:
logger.info(
"\tUnable to determine if implementation is vulnerable"
)
# if isinstance(scan_result.scan_command, CertificateInfoScanCommand):
# logger.info(u'Server Certificate CN: {}'.format(
# dict(scan_result.certificate_chain[0])[u'subject'][u'commonName']
# ))
except ServerConnectivityError as e:
logger.error('Error when trying to connect to {}: {}'.format(
e.server_info.hostname, e.error_message))